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DETAILED ACTION 

1. This action is in response to the communication filed on January 07, 2008. Claims 32 - 
37 have been cancelled and Claims 1 - 31 are pending. 

Response to Arguments 

2. Applicant's remarks filed on January 07, 2008 have been fully considered. 

With respect to Double Patenting rejection, Applicant argues that Patents 6,418,444 and 
6,742,006 "with subject matter relating to verifying whether a program conforms to a platform 
standard". Applicant states that the present invention "do not claim subject matter relating to 
verifying whether a program conforms to a platform standard". Examiner agrees that part of the 
preamble of Patent claims recites "verifies that a computer program written in a programming 
language conforms to a platform standard for" however, Examiner respectfully directs Applicant 
attention to rest of the preamble and body of the claimed invention, i.e., "A firewall system that 
verifies that a computer program written in a programming language conforms to a platform 
standard for the programming language, comprising:" and "a portion of firewall system that 
receives the computer program from a source outside the firewall; a portion of the firewall 
system that determines whether the received computer program is a computer program of a 
type to be checked for conformance; a portion of the firewall system that determines whether 
the computer program contains an indication that it conforms to the platform standard; and a 
portion of the firewall system that passes the computer program through the firewall only when 
the computer program contains an indication that it conforms to a platform standard" in both the 
Patents 6,418,444 and 6,742,006 wherein, the Patent inventions specifically determine with a 
firewall system whether an indication that the computer program of a type to be checked for 
conformance" wherein an example of such a determination, for example, in Patent 6,418,444 
Fig. 1, 5(a) and 5(b) will be made and as to the instant application, the determination to 
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authenticate a first security identification through a firewall is generally claimed as "a security 
context block that determines whether a first security identification can be authenticated 
(checked for conformance) and a first firewall control block, wherein the first firewall control 
block includes: an associate security identification portion that identifies one or more associates 
of said first application (type to be checked) as identified associates, and wherein each one of 
said one or more identified associates has access privilege with respect to said first application" 
which are disclosed in Patents, for example, Patent 6,418,444 Figure 9. Thus instant claims are 
obvious over Patents and Examiner maintains Double Patenting rejection. Furthermore, 
Examiner suggests filing Terminal disclaimer to overcome Double Patenting rejection. 

With respect to Double Patenting rejection with copending application 10/743,929, 
Applicant states that "As the present application and U.S. 10/743,929 currently pending, 
Applicant submit the rejection is premature and do not submit a terminal disclaimer rejection at 
this time". Examiner respectfully maintains double patenting rejection with copending application 
10/743,929 until the issue is resolved and requests Applicant to file a terminal disclaimer to 
overcome double patenting rejection. 

3. With respect to claims 1 , 7, 1 0, 1 4, 21 and 27, Applicant agrees that cited prior art 
Montgomery et al. Patent 7,127,605 teaches "a system in which various security methods are 
enforced" and "a firewall control block limits access through various security checks, such as the 
session keys and the like", however argues that Montgomery do not teach amended claim 
limitation, "determining whether a security identification can be authenticated before it is 
presented to a firewall control block or Java™ compliant applet". Examiner disagrees and points 
to Montgomery Column 4 lines 3-20 wherein, the security policy is applied to verifying and 
authenticating the client through an AID, public, private key pairs, PIN or shared secret (see 
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also Column 3 lines 28 - 42 and Column 5 lines 4 - 52) which corresponds to instant 
application amended claim limitation "determining whether a security identification (identification 
disclosed as security ID, See instant specification Paragraph [0044]) can be authenticated 
(disclosed as the authentication process by a verification process that uses a set of public 
and/or private keys, See instant specification Paragraph [0044]) before it is presented to a 
firewall. 

Applicant's general allegation that the claims define a patentable invention without 
specifically pointing out how the language of the claims patentably distinguishes them from the 
references. Therefore, the examiner respectfully asserts that the cited prior art does teach or 
suggest the subject matter broadly recited in independent claims. The dependent claims are 
rejected at least by virtue of their dependency on the dependent claims and by other reason set 
forth in this office action. Accordingly, the rejection for the pending claims is respectfully 
maintained. 

Double Patenting 

The nonstatutory double patenting rejection is based on a judicially created doctrine 
grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or 
improper timewise extension of the "right to exclude" granted by a patent and to prevent 
possible harassment by multiple assignees. A nonstatutory obviousness-type double patenting 
rejection is appropriate where the conflicting claims are not identical, but at least one examined 
application claim is not patentably distinct from the reference claim(s) because the examined 
application claim is either anticipated by, or would have been obvious over, the reference 
claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re 
Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 
USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re 
Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d 528, 163 
USPQ 644 (CCPA 1969). 

A timely filed terminal disclaimer in compliance with 37 CFR 1 .321 (c) or 1 .321 (d) may be 
used to overcome an actual or provisional rejection based on a nonstatutory double patenting 
ground provided the conflicting application or patent either is shown to be commonly owned with 
this application, or claims an invention made as a result of activities undertaken within the scope 
of a joint research agreement. 

Effective January 1 , 1 994, a registered attorney or agent of record may sign a terminal 
disclaimer. A terminal disclaimer signed by the assignee must fully comply with 37 CFR 
3.73(b). 
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4. Claims 1 - 31 rejected on the ground of nonstatutory obviousness-type double patenting 
as being unpatentable over claims 1 - 46 of U.S. Patent No. 6,418,444. Although the conflicting 
claims are not identical, they are not patentably distinct from each other because the instant 
case, all elements of claims 1 - 31 correspond to the claims of 1 - 46 of the patent claims, 
except in the instant claims the elements "a first application", "a second application" and "first 
firewall control block", are referred in the patent claims as "computer program" and "a firewall". 

It would have been obvious to one having ordinary skill in the art to recognize that "a first 
application and a second application" are equivalent to "computer program" and "first firewall 
control block" is equivalent to "a firewall. Claims of the instant application are anticipated by 
patent claims in that the patent claims contains all the limitations of the instant application. 
Claims of the instant application therefore is not patentably distinct from the earlier patent claims 
and as such are unpatentable for obvious-type double patenting (In re Goodman (CAFC) 29 
USPQ2d 2010 (12/3/1993). 

5. Claims 1 - 31 rejected on the ground of nonstatutory obviousness-type double patenting 
as being unpatentable over claims 1 - 69 of U.S. Patent No. 6,742,006. Although the conflicting 
claims are not identical, they are not patentably distinct from each other because the instant 
case, all elements of claims 1 - 31 correspond to the claims of 1 - 69 of the patent claims, 
except in the instant claims the elements "a first application", "a second application" and "first 
firewall control block", are referred in the patent claims as "computer program" and "a firewall". 

It would have been obvious to one having ordinary skill in the art to recognize that "a first 
application and a second application" are equivalent to "computer program" and "first firewall 
control block" is equivalent to "a firewall. Claims of the instant application are anticipated by 
patent claims in that the patent claims contains all the limitations of the instant application. 
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Claims of the instant application therefore is not patentably distinct from the earlier patent claims 
and as such are unpatentable for obvious-type double patenting (In re Goodman (CAFC) 29 
USPQ2d 2010 (12/3/1993). 

6. Claims 1 - 31 rejected on the ground of nonstatutory obviousness-type double patenting 
as being unpatentable over claims 1 - 22 of U.S. copending application No. 10/743,929. 
Although the conflicting claims are not identical, they are not patentably distinct from each other 
because the instant case, all elements of claims 1 - 31 correspond to the claims of 1 - 22 of the 
patent claims and patent claims encompasses the scope of Claims 1 - 31 of the instant 
application. 

The instant application generally claims a computing environment comprising a virtual 
machine, a first application operating on said virtual machine and a first firewall control block. 
Copending application 10/743,929 claims similar limitations except "further defines the access 
privilege of said second application with respect to said first application". However, copending 
application claims, "a first firewall control block, wherein said first firewall control block defines 
access privileges of said first application", which is equivalent to the instant application. 

This is a provisional obviousness-type double patenting rejection because the conflicting 
claims have not in fact been patented. 

Claim Rejections - 35 USC §102 

The text of those sections of Title 35, U.S. Code not included in this action can be found 
in a prior Office action. 

7. Claims 1 - 31 are rejected under 35 U.S.C. 102(e) as being anticipated by Montgomery 
et al. (U.S. Patent Number 7,127,605). 
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8. As per Claims 1, 7 and 14, Montgomery teaches "a virtual machine; a first application 
operating on said virtual machine; a security context block that determines whether a first 
security identification can be authenticated (Summary and Column 3 lines 28 - 42); 

a second application operating on said virtual machine; and a firewall control block, 
wherein said firewall control block includes one or more of the following: a first firewall control 
block portion, wherein said first firewall control block portion defines access privileges of said 
first application with respect to said second application, and further defines the access privileges 
of said second application with respect to said first application, a second firewall control block 
portion, wherein said second firewall control block portion includes: an associate security 
identification portion that identifies one or more associates of said first application as identified 
associates, wherein each one of said one or more identified associates has access privilege 
with respect to said first application (Summary; Column 3 lines 28 - 42 and Column 5 lines 4 - 
52); 

an access-operations portion that for each one of said one or more identified associates 
identifies one or more access operations that have been allowed, wherein the security context 
block presents the first security identification to the first firewall control block responsive to 
determining that said first security identification can be authenticated (Column 4 lines 3 - 20) ". 

9. As per Claim 10, Montgomery teaches "receiving a request from a first Java™ compliant 
applet operating on Java™ virtual machine to perform an operation on a second Java™ 
compliant applet, said request including a security identifier that identifies said first Java™ 
compliant applet; a security context block determining whether a first security identification can 
be authenticated and when the security context block determines that the first security 
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identification can be authenticated, reading a firewall control block associated with said second 
Java™ compliant applet (Summary and Column 3 lines 28 - 42 and Column 4 lines 3 - 20); 

determining whether said firewall control block defines said security identifier as an 
associate of said second Java™ compliant applet; and denying access to said first Java™ 
compliant applet when said determining determines that control block does not define said 
security identifier as an associate (Column 3 lines 28 - 42 and Column 4 lines 3 - 20)". 

10. As per Claim 21 , Montgomery teaches "virtual machine; one or more applications 
operating on said virtual machine; and one or more security context blocks provided for said one 
or more applications, wherein each of said one or more security context blocks include: a 
security identification (Summary and Column 3 lines 28 - 42); and 

a cryptographic system that can be used to perform cryptographic operations, wherein 
said cryptographic operations include cryptographic operations that can be performed on said 
security identification, wherein each security context block determines whether a security 
identification can be authenticated and the respective security context block presents the 
security identification to a first firewall control block responsive to determining that said security 
identification can be authenticated (Column 4 lines 3 - 20)". 

11. As per Claim 27, Montgomery teaches " providing a security context that includes a 
security identification and a cryptographic system; receiving from a first Java™ compliant applet 
a request to perform an operation on a second Java™ compliant applet, wherein the request 
includes a first security identification; determining whether said first Java™ compliant applet can 
be authenticated (Summary and Column 3 lines 28 - 42) and 

presenting the first security identification to said second Java™ compliant applet only 
when said determining determines that said first security identification can be authenticated 
(Column 4 lines 3 - 20)". 
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12. As per Claim 2, Montgomery teaches "one or more identifiers that have been assigned 
to said one or more identified associates; and wherein for each one of said one identifiers, one 
or more operations have been defined in said access-operations portion (Column 3 lines 28 - 
42)". 

13. As per Claim 4, Montgomery teaches "wherein said computing environment includes a 
second application operating on said virtual machine, wherein said first firewall control block 
includes a security ID of said second application, thereby indicating that said second application 
is an identified associate of said first application, and wherein said first firewall control block also 
includes one or more operations that have been defined for said second application, thereby 
indicating what operations can be performed by said second application on said first application 
(Column 5 lines 2 - 52)". 

14. As per Claim 8, Montgomery teaches "wherein said mobile device is a Java™ compliant 
smart card (Column 3 lines 28 - 42)". 

15. As per Claim 1 1 , Montgomery teaches "wherein said method further comprises: 
determining whether said firewall control block defines said operation as an operation that 
should be allowed when said determining determines that said firewall control block defines said 
security identifier as an associate; and granting access to said first Java™ compliant applet to 
perform said operation on said second Java™ compliant applet when said determining 
determines that said firewall control block defines said operation as an operation that should be 
allowed (Column 5 lines 2 - 52)". 

16. As per Claim 15, Montgomery teaches "wherein said first firewall control block portion 
includes a firewall control value and a firewall control indicator (Column 3 lines 28 - 42)". 
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17. As per Claim 17, Montgomery teaches "wherein said first firewall control block portion 
includes a plurality of firewall control values and a plurality firewall control indicators (Column 5 
lines 2 - 52)". 

18. As per Claim 18, Montgomery teaches "wherein said first firewall control block portion 
includes first and second firewall control values and first and second firewall control indicators, 
wherein the first firewall control value and indicator indicate access privileges of said first 
application to said second application, and wherein said second firewall control value and 
indicator indicate access privileges of said second application to said first application (Column 5 
lines 2 - 52)". 

19. As per Claim 19, Montgomery teaches "wherein said computing environment is a Java™ 
compliant computing environment, and wherein said first and second applications are Java™ 
compliant applets (Column 3 lines 28 - 42)". 

20. As per Claim 22, Montgomery teaches "wherein said security identification includes one 
or more security identifiers have been assigned to said one or more applications, and wherein 
said cryptographic system includes: one or more keys; one or more key management 
information that provide information with respect said one or more keys; and one or more 
algorithm identifiers that identify what cryptographic algorithm should be used (Column 3 lines 
28 - 42 and Column 4 lines 3 - 20)". 

21 . As per Claim 28, Montgomery teaches "wherein said determining of whether said first 
Java™ compliant applet can be authenticated comprises: verifying an encrypted string (Column 
4 lines 3-20)". 

22. As per Claim 29, Montgomery teaches "wherein said determining whether said first 
Java™ compliant applet can be authenticated comprises: sending a random string to said first 
Java™ compliant applet; encrypting, by said first Java™ compliant applet, said random string to 
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generate a encrypted string; decrypting said random string to generate a decrypted string; and 
determining whether said decrypted string matches said random string (Column 4 lines 3 - 20)". 

23. As per Claim 30, Montgomery teaches "wherein said authentication can be performed 
without a configuration file (Column 4 lines 3 - 20)". 

24. As per Claim 31, Montgomery teaches "wherein said authentication can be performed 
without user intervention (Column 4 lines 3 - 20)". 

25. As per Claim 3, Montgomery teaches "wherein said one or more operations include 
read, write, delete, create, and update operations (Column 3 lines 28 - 42)". 

26. As per Claim 5, Montgomery teaches "wherein said computing environment is a Java™ 
compliant computing environment, and wherein said first and second applications are Java™ 
compliant applets (Column 3 lines 28 - 42)". 

27. As per Claim 6, Montgomery teaches "wherein said computing environment is a Java™ 
compliant computing environment, and wherein said first firewall control block is implemented in 
the run time environment (Column 5 lines 4 - 52)". 

28. As per Claim 9, Montgomery teaches "wherein a firewall control block is defined for 
every Java™ compliant applet that operates on said Java™ compliant virtual machine (Column 
3 lines 28-42)". 

29. As per Claim 12, Montgomery teaches "wherein said method further comprises: 
providing a reference to said first Java™ compliant applet with a reference to said second 
Java™ compliant when access is granted (Column 3 lines 28 - 42)". 

30. As per Claim 13, Montgomery teaches "wherein said providing of a reference comprises: 
invoking a first method that is implemented as a part of Java™ management (or system) 
environment; and invoking a second method that is implemented as an applet class, as a result 
of said invoking of the second method (Column 3 lines 28 - 42)". 
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31. As per Claim 16, Montgomery teaches "wherein said firewall control value is an access 
privileges control value represented by one or more bytes, and wherein said firewall control 
value is an indicator value represented by one or more bytes that indicate how the firewall 
control value should be interpreted with respect to access privileges of other applications 
(Column 4 lines 3 - 20)". 

32. As per Claim 20, Montgomery teaches "wherein said computing environment is a Java™ 
compliant computing environment, and wherein said first firewall control block is implemented in 
Java™ run time environment (Column 3 lines 28 - 42)". 

33. As per Claim 23, Montgomery teaches "wherein said cryptographic operations include 
digital signatures, verification, encryption, decryption, and authentication (Column 4 lines 3 - 
20)". 

34. As per Claim 24, Montgomery teaches "wherein said cryptographic system includes one 
or more cryptographic operation identifiers that identify one or more cryptographic operations 
associated with said one or more keys (Column 4 lines 3 - 20)". 

35. As per Claim 25, Montgomery teaches "wherein said computing system further includes: 
an encryptor that operates to encrypt a first string using one or more of said keys to generate an 
encrypted string; a decryptor that operates to decrypt said encrypted string; and a verifier that 
operates to determine whether the decrypted string can be verified (Column 4 lines 3 - 20)". 

36. As per Claim 26, Montgomery teaches "wherein said computing environment further 
comprises: a Java™ management applet that can operate to authenticate a security 
identification transmitted (Column 3 lines 28 - 42)". 
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Conclusion 

THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as 
set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, 
however, will the statutory period for reply expire later than SIX MONTHS from the mailing date 
of this final action. 

Examiner's Note: Examiner has cited particular columns and line numbers in the 
references as applied to the claims above for the convenience of the applicant. Although the 
specified citations are representative of the teachings in the art and are applied to the specific 
limitations within the individual claim, other passages and figures may apply as well. It is 
respectfully requested from the applicant, in preparing the responses, to fully consider the 
references in entirety as potentially teaching all or part of the claimed invention, as well as the 
context of the passage as taught by the prior art or disclosed by the examiner. 

The prior art made of record and not relied upon is considered pertinent to applicant's 
disclosure. See PTO Form 892. 
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Applicant is urged to consider the references. However, the references should be 
evaluated by what they suggest to one versed in the art, rather than by their specific disclosure. 
If applicants are aware of any better prior art than those are cited, they are required to bring the 
prior art to the attention of the examiner. 

Any inquiry concerning this communication or earlier communications from the examiner 
should be directed to Pramila Parthasarathy whose telephone number is 571-272-3866. The 
examiner can normally be reached on 8:00a.m. To 5:00p.m.. If attempts to reach the examiner 
by telephone are unsuccessful, the examiner's supervisor, Nasser Moazzami can be reached 
on 571-232-4195. Any inquiry of a general nature or relating to the status of this application or 
proceeding should be directed to the receptionist whose telephone number is 703-305-3900. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR only. For more information about the 
PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 

/Pramila Parthasarathy/ 
Examiner, Art Unit 2136 
April 13, 2008. 



